Field of the Invention
The present invention relates to an information processing apparatus holding a secure chip and a method of controlling the information processing apparatus.
Description of the Related Art
Detection of tampering with computer programs running on computers by using secure chips has been proposed. A trusted platform module (TPM) including a volatile memory and a non-volatile memory is an example of a general secure chip.
For example, after a computer is started, hash values of the computer programs executed by the central processing unit (CPU) of the computer are sequentially registered in the volatile memory in the TPM. The computer programs include a boot loader, an operating system (OS), and application software. After the registration, the hash values recalculated from a computer program that is being executed are compared with the hash values registered in the volatile memory in the TPM to detect whether the computer program has been tampered with.
A technology has also been proposed to detect tampering with data in the memory of the computer upon return from an idle state, for example, in a power saving mode.
Since the power supply to the TPM is stopped when the computer enters the idle state in the power saving mode, the hash values registered in the volatile memory in the TPM are lost and are no longer available when the computer returns from the idle state. Since tampering cannot be detected once the hash values have been lost, the following measures are taken in the TPM.
Before the transition to the idle state, the TPM saves the hash values registered in its volatile memory to its non-volatile memory. The power supply is stopped after the saving. After the return from the idle state, the hash values saved in the non-volatile memory are restored to the volatile memory.
Japanese Patent Laid-Open No. 2009-187134 discloses a technology concerning the saving of the hash values. Specifically, the hash values of a snapshot of the memory taken before the computer enters the idle state are stored in the non-volatile memory in the TPM. Then, when the computer returns from the idle state, the hash values recalculated from the snapshot are compared with the hash values stored in the non-volatile memory.
However, when the CPU executes application software after the TPM has saved the hash values registered in the volatile memory to the non-volatile memory, the hash values of the application software are registered in the volatile memory again.
In other words, the content of the non-volatile memory does not coincide with the content of the volatile memory at this time. To prevent this inconsistency between the contents of the memories, the TPM initializes the content of the non-volatile memory when hash values are registered in the volatile memory after the content of the volatile memory has been saved to the non-volatile memory.
When the non-volatile memory is initialized before the transition to the idle state, initial values are restored to the volatile memory when the computer returns from the idle state. In this state, it is not possible to detect whether the application software that is being started has been tampered with. In addition, when the hash values of application software that is newly started are to be registered, they are registered in a state in which the hash values of other software, such as the boot loader or the OS, are not registered. When the detection of tampering is performed in the state in which the hash values of other software, such as the boot loader or the OS, are not registered, it is determined that tampering has occurred.
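The save, initialize and restore sequence described above can be traced with the following added example, which is not part of the original document. It is a simplified model: the class ToySecureChip and its method names are hypothetical, the program names are constructed sample inputs, and registration is assumed to fold each program hash into a single SHA-256 chained register.

```python
import hashlib

INITIAL = bytes(32)  # register content after initialization (all zeros)

def chain(value: bytes, program: bytes) -> bytes:
    # Hash-chained registration (assumed): new = H(old || H(program)).
    h = hashlib.sha256
    return h(value + h(program).digest()).digest()

class ToySecureChip:
    """Hypothetical model of the chip's two memories, not a real TPM API."""
    def __init__(self):
        self.volatile = INITIAL      # lost when power is removed
        self.nonvolatile = INITIAL   # survives the idle state

    def register(self, program: bytes) -> None:
        self.volatile = chain(self.volatile, program)
        # Any saved copy is now stale, so it is initialized.
        self.nonvolatile = INITIAL

    def save(self) -> None:
        self.nonvolatile = self.volatile

    def idle_and_resume(self) -> None:
        # Power-off discards the volatile content; return restores the copy.
        self.volatile = self.nonvolatile

def run(register_after_save: bool):
    """Return (restored_is_initial, verification_passes) for one cycle."""
    started = [b"boot loader", b"operating system"]  # constructed inputs
    chip = ToySecureChip()
    for program in started:
        chip.register(program)
    chip.save()
    if register_after_save:           # application started before idle
        started.append(b"application A")
        chip.register(started[-1])
    chip.idle_and_resume()
    restored_is_initial = chip.volatile == INITIAL
    started.append(b"application B")  # application started after return
    chip.register(started[-1])
    expected = INITIAL
    for program in started:           # verifier recomputes the full chain
        expected = chain(expected, program)
    return restored_is_initial, chip.volatile == expected

if __name__ == "__main__":
    print(run(False), run(True))
```

With no registration between the save and the idle state, the restored register still verifies; with one, initial values are restored and the check made after the return fails even though no program was modified.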
The present invention provides an information processing apparatus holding a secure chip, which is capable of preventing problems from occurring when the hash value of application software is registered in the secure chip after the information processing apparatus returns from the idle state.